Earlier this year, the governor of California signed into law the California Consumer Privacy Act of 2018, one of the toughest data privacy laws in the U.S. It takes effect in 2020.
The law is similar to the GDPR. The EU General Data Protection Regulation requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
The California law applies to most companies that collect the data of Californians, and it expands the definition of what is considered personal information, including behavioral and profiling data and professional and personal background data.
Under the new law, consumers in California are guaranteed the following rights:
- “To know what personal information is being collected about them”
- “To know whether their personal information is sold or disclosed and to whom”
- “To say no to the sale of personal information”
- “To access their personal information”
- “To equal service and price, even if they exercise their privacy rights”
The law requires any business that collects a California consumer’s personal information to disclose the categories and specific pieces of personal information that have been collected and the purposes for which the information will be used if the person requests.
If a person requests their information, the business must provide access to it in a format that allows that data to be transmitted to another entity. A person may also opt-out of the sale of any of their information.
Businesses must also delete a consumer’s personal information if that person requests, unless the information is necessary for the business to complete a transaction, detect security incidents or protect against fraud, repair errors, protect free speech, engage in research or comply with other California laws.
Businesses who have changed policies to align with GDPR may need to make additional changes to come into compliance with California’s law, and should work with an attorney to determine the next steps.
Compliance Corner is a feature on the PeopleScout blog. At least once a month, we’ll be featuring a compliance issue that’s in the news or on our minds. Understanding the patchwork of labor laws across the world is complicated, but it’s part of what we do best. If you have questions on the compliance issue discussed in this post, please reach out to your PeopleScout account team or contact us at firstname.lastname@example.org.